A high severity security flaw [1] [3] [5] [6], identified as CVE-2024-5565 with a CVSS score of 8.1 [4], has been disclosed in the VannaAI library by cybersecurity researchers.
Description
This vulnerability allows threat actors to exploit prompt injection techniques for remote code execution. The flaw targets the “ask” function in Vanna, enabling the execution of unauthorized commands by manipulating dynamically generated Python Plotly code based on user prompts. Tong Liu [1] [2], independent of JFrog [1], has highlighted the serious impact of prompt injection on command execution. Exploiting CVE-2024-5565 could allow threat actors to execute arbitrary commands on the underlying system. Vanna advises users to conduct operations involving Plotly integration in a sandbox environment to mitigate risks. JFrog’s Senior Director of Security Research [1], Shachar Menashe [1], emphasizes the importance of proper governance and security measures when using GenAILLM extensively [6].
Conclusion
The prompt injection vulnerability in the VannaAI library poses a serious threat, allowing threat actors to execute unauthorized commands remotely. To mitigate risks [3] [5], users are advised to operate in a sandbox environment when integrating Plotly. Proper governance and security measures are crucial when utilizing GenAILLM extensively.
References
[1] https://innovatopia.jp/cyber-security/cyber-security-news/34540/
[2] https://www.scmagazine.com/news/vanna-ai-prompt-injection-vulnerability-enables-rce
[3] https://www.redpacketsecurity.com/prompt-injection-flaw-in-vanna-ai-exposes-databases-to-rce-attacks/
[4] https://www.krofeksecurity.com/vulnerability-alert-vanna-ais-prompt-injection-flaw-puts-databases-at-risk-of-rce-attacks/
[5] https://thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html
[6] https://vulners.com/thn/THN:37DA4429FD3FE50F18A987D127E33CF7